1. Conditions for commencing business with Clients
1.1. A FinTech Lab Participant (the participant) must meet the following minimum requirements before commencing business with Clients:
a) the participant must demonstrate evidence of the availability of the policies, procedures, arrangements, systems and controls required by AML;
b) the participant must make the mandatory appointments as required by GEN 2.1 and must appoint a Chief Information Technology Officer, who must be an individual responsible for the participant’s ongoing information technology (IT) operations, maintenance and security oversight to ensure that the participant’ IT systems are reliable and adequately protected from external attack or incident;
c) the participant must have a Client agreement that outlines the risk disclosure measures required by the participant’s licence issued by the AFSA;
d) the participant must comply with GEN 5.2 (Outsourcing);
e) the participant must provide to the AFSA a signed statement, certifying that the participant has adequate measures in place to ensure the following:
- (i) that the participant’s IT systems are resilient and not prone to failure;
- (ii) business continuity if a part of the IT system fails;
- (iii) the protection of the IT systems from damage, tampering, misuse or unauthorised access;
- (iv) the integrity of data forming part of, or being processed through, the IT systems;(v) real time monitoring and reporting on system performance, availability and integrity;
- (vi) that policies and procedures for the IT systems are adequately established and maintained;
- (vii) that the participant has sufficient resources to operate without disruption, maintain and supervise the participant’s IT facilities.
f) the participant must provide to the AFSA evidence of the availability of adequate funds to meet at least 12 months of operational expenses, as per the participant’ application to become a FinTech Lab Participant;
g) the participant must ensure that Client Money is held in a segregated Client Money Account with a third-party account provider that is a Bank or a Regulated Financial Institution that is authorised in any jurisdiction to Accept Deposits;
h) if the participant is providing Digital Asset transactions - the participant must have arrangements in place to ensure storage of Client funds on a Hot Digital wallet at most equivalent to 10 Bitcoin (further BTC) or 10% of all Client funds or assets, whichever is greater.